MDVSA-2009:093-1
- Package name
- mpg123
- Date
- 2009-12-08
- Advisory ID
- MDVSA-2009:093-1
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
A vulnerability has been found and corrected in mpg123:
Integer signedness error in the store_id3_text function in the
ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a
denial of service (out-of-bounds memory access) and possibly execute
arbitrary code via an ID3 tag with a negative encoding value. NOTE:
some of these details are obtained from third party information
(CVE-2009-1301).
The updated packages have been patched to correct this issue.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
Updated packages
2008.0 i586
a7fff075fcde8a998210eb2f6a10a8f5 2008.0/i586/mpg123-0.66-2.1mdv2008.0.i586.rpm 33bfefebb4ee900c1ac91fc6bc404b3e 2008.0/SRPMS/mpg123-0.66-2.1mdv2008.0.src.rpm
2008.0 x86_64
3043ea5891795b013b9b89fa226b28be 2008.0/x86_64/mpg123-0.66-2.1mdv2008.0.x86_64.rpm 33bfefebb4ee900c1ac91fc6bc404b3e 2008.0/SRPMS/mpg123-0.66-2.1mdv2008.0.src.rpm